New Method for Random Number Generation Developed
Science Daily is reporting that a German team has developed a new method of random number generation that they hope will improve security. "The German team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a 'metastable state' where its behavior cannot be predicted. At the end of the metastable state, the contents of the memory are purely random. The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more 'random' than conventional methods."
I have to wonder about this approach, if it falls into the category of seemingly random today, because we simply don't yet know how to predict the outcome, but maybe someone in a few years' time figures out the necessary principles to predict what the outcome will be?
Still, I suppose until such a time (if it ever arrives), this is probably a lot better than currently existing approaches.
I'd say based on the fact that all your characters were lower case, and the overwhelming proportion of characters to digits, there are significantly fewer bits of entropy in your so-called random comment than you would have us believe.
Ze Atomic Device! It iz Ztolen!
So your suggestion is to generate a random with a random? How do you get the random slashdot thread?
TFA fails to state whether they used existing memory types or if they intend to use a custom piece of hardware on board.
From TFA:
The team adds that the efforts of a cracker attempting to influence the array will be wholly obvious to a simple statistical analysis as -- depending on the type of attack -- either the whole array or single elements will be disturbed, whereas these are again selected randomly. So this true random number generator can protect systems against third-party snooping, potentially making private and sensitive transactions on the Internet more secure.
Now I'm really skeptical. A cracker who is able to "influence" the array might be able to influence it with a pseudorandom number generator that he/she can predict.
I think that hardware-based RNGs, such as those detecting radioactive isotope decay, have been around for a while. I'm not sure how this one can provide more security, especially if the attacker has access to the hardware. I think that most gate transition thresholds can be influenced by simple things like temperature anyway.
What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".
The set of all random numbers does not exclude "non-random-looking" numbers. I just cherry-picked one for you.
While this new technique may improve security, it seems to lack one important property of pseudo-random numbers that is required by many applications: reproducibility.
Good luck finding the bug in your program with a stream of randoms you'll never be able to reconstruct again.
You bring this up as a humor point, but it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. For example, if a 4-digit pre-generated PIN is not allowed to use certain sequence types such as sequential, all the same, paired pairs, etc., it may take a fair slice out of the available keyspace (not sure that's the right word, but it's close enough), at least enough to narrow down the ambiguity in case some hints about the PIN are known by an attacker.
It's less of a problem with longer passwords, as the maximum entropy for a given entry expands while patterns take smaller bites out of the available space, but it does reduce the possible entropy slightly.
It also reminds me of a Dilbert strip where he visits the accounting trolls, and they take him to their random number generator, which is another troll saying, "9... 9... 9... 9..." Dilbert asks if it's really random, and the first troll says, "That's the problem with randomness: you never really know."
You can never go home again... but I guess you can shop there.
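Added example, not part of any comment in this thread: a count of how much of the PIN space the exclusions named in the comment above remove, with and without an attacker knowing a prefix, and for a longer PIN. The three rule definitions (all digits equal, strictly ascending or descending by one without wraparound, and identical adjacent pairs such as 1122) are assumptions made for this illustration.

```python
import math
from itertools import product

def is_all_same(pin):
    # e.g. 0000, 7777
    return len(set(pin)) == 1

def is_sequential(pin):
    # e.g. 1234 or 9876; no wraparound (8901 is allowed)
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps == {1} or steps == {-1}

def is_paired(pin):
    # e.g. 1122, or 112233 for six digits
    return len(pin) % 2 == 0 and all(
        pin[i] == pin[i + 1] for i in range(0, len(pin), 2))

# Assumed blacklist; a real issuer's rules may differ.
RULES = (is_all_same, is_sequential, is_paired)

def count_allowed(length, prefix=""):
    """Count PINs of this length, starting with prefix, that pass all rules."""
    allowed = 0
    for rest in product("0123456789", repeat=length - len(prefix)):
        pin = prefix + "".join(rest)
        if not any(rule(pin) for rule in RULES):
            allowed += 1
    return allowed

def report(length, prefix=""):
    """Return (candidates before rules, candidates after, bits of entropy lost)."""
    total = 10 ** (length - len(prefix))
    left = count_allowed(length, prefix)
    return total, left, math.log2(total) - math.log2(left)

if __name__ == "__main__":
    for length, prefix in ((4, ""), (4, "11"), (4, "12"), (6, "")):
        total, left, lost = report(length, prefix)
        print(f"len={length} prefix={prefix!r}: {left}/{total} "
              f"remain, {lost:.4f} bits lost")
```

Under these assumed rules the loss is about 1.1% of the 4-digit space and about 0.1% of the 6-digit space, but a known prefix of "11" removes 10 of the 100 remaining candidates.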
Is this your card?
How about this as random?
Sr5&8w796Z6W9mVVM7HAuv43Yg8D523QwTf25646@SEKKEP3#m2t3f@2ap95295437852^5262S*qMK#b&B#^aXbxNfRQudSCz9P
Sort of looks like there are groups of character-types, but I guess it could be random.
Actually anything could be random, because by its very nature a random process can create anything, including "Sort of looks like there are groups of character-types, but I guess it could be random."
However, it's still much more likely that you intentionally wrote that sentence, than that it just happened to be generated by a random process.
The Tao of math: The numbers you can count are not the real numbers.
TFA gives an example "Such simulations can test theories of hurricane formation, climate change, and the spread of disease epidemics, for instance." Which required repeatable random numbers.
For cryptography it's fine though.
[Intentionally left blank]